Search results

The purpose of this conceptual paper is to underline several issues related to cybersecurity in the hospitality industry; address the importance of evaluating cyber risks, vulnerabilities and capabilities; and provide suggestions for hospitality operators to minimize the damage that cyberattacks could cause. Future research addressing cyber threats is a call to action.

To understand the occurrence and the impact of information security, the researchers reviewed the previous research regarding information security and used the database from Privacy Rights Clearinghouse and collected 76 information security incidents in the US hospitality industry since 2006.

The increasing frequency of data breach incidents from 2006 to 2017 indicates that the issue of cybercrimes has become more critical in the hospitality industry.

This conceptual paper sheds light on the issues of cybersecurity in risk assessment and heightens the necessity of discussing data breach issues in future hospitality research.

本论文旨在提出几项有关酒店行业网络安全的问题, 并指出网络风险评估的重要性、脆弱性、以及能力, 本论文对酒店行业人如何减少网络攻击所带来的损害有着建设性意义。未来科研应该加强对网络威胁方面的研究工作。

为了了解信息安全的缘由和影响, 本论文作者审阅了有关信息安全的文献, 并且借用隐私权咨询中心（Privacy Rights Clearinghouse）的数据库, 采集了自2006年以来美国酒店行业76起信息安全事件, 以进行分析研究。

本论文发现自2006年起至2017年, 数据泄露事件发生频率在与日俱增。此现象表明网络犯罪在酒店行业已经成为越来越严重的问题。

本论文是理论性文章, 其研究结果对风险评估中的网络安全问题有着启示作用, 此外, 本论文还重点提出了未来酒店管理研究方向, 应该着重研究数据泄露问题。

关键词 网络安全 、数据泄露事件 、风险评估 、信息技术 、酒店行业

The U.S. Census Bureau, health data providers, and credit bureaus are information organizations (IOs). They collect, store, and process large sets of sensitive data on individuals, households, and organizations. Storage, processing, and dissemination technologies that IOs employ have grown in capability, sophistication, and cost‐effectiveness. These technologies have outpaced the design and implementation of procedures for protecting data in transfer from primary data provider to IO and from IO to data user. On the one hand, it is necessary to protect the confidentiality of such data; on the other hand, it is necessary to protect the accessibility to the data by users, including researchers and analysts. Conflicts ensue in the two corresponding arenas: between the IO and data providers concerned with inadequate privacy and confidentiality protection; and between the IO and data users who find their access to data restricted. In this article third‐party mechanisms for managing disputes in the privacy and information area are both theoretically justified and their empirical manifestations examined The institutional mechanisms considered include privacy and information clearinghouses, a “Better Data Bureau,” a privacy information advocate, a data ombuds, a privacy mediator, an internal privacy review board, and a data and access protection commission. Under appropriate circumstances, these arrangements promise a more flexible and responsive resolution of the conflict between privacy/confidentiality and legitimate information access than is possible through legislative action and administrative rulings alone.

This paper aims to examine privacy breaches in personal health record information that expose consumers to unsolicited marketing.

Examples of: data theft by healthcare workers; sale of consumer health data by entities not covered by the Health Insurance Portability and Accountability Act (HIPAA); and piracy of health data through sophisticated internet targeted marketing.

This paper finds that HIPAA's strict safeguards to medical privacy are not extended to database companies that aggregate data for electronic medical records, a source of highly profitable information that is purchased by advertisers. Similar health information is obtained by marketers through consumer “health surveys” completed on web‐based health information sites or at community health screenings.

Consumer education is warranted to ensure awareness of privacy breaches and vigilance against loss of personal and protected health information to marketers.

The paper highlights the areas for protecting consumers via identifying loopholes in HIPAA, as well as pointing out consumer behavior that can lead to subtle, yet systematic exploitation of their health information for profit via marketing.

The main purpose of this paper is to analyze the trends of various types of data breaches and their compromised records in the USA using a new model recently developed by the authors.

The 2,280 data breaches and over 512 million related compromised records tracked by the Privacy Rights Clearinghouse from 2005 through 2010 were analyzed and classified into four external, five internal and one non-traceable data breach categories, after which trends were determined for each.

The findings indicate that although the trends for the annual number of data breaches and each of the internal and external categories and their related compromised records have increased over the six-year period, the changes have not been consistent from year to year.

By classifying data breaches into internal and external categories with the use of this new data breach model provides an excellent methodological framework for organizations to use to develop more workable strategies for safeguarding personal information of consumers, clients, employees and other entities.

The topic of data breaches remains salient to profit and nonprofit organizations, researchers, legislators, as well as criminal justice practitioners and consumer advocate groups.

A legal obligation to adopt reasonable information security procedures exists in a variety of laws around the world, such as the EU Data Directive (Directive 95/46), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and sectoral and state privacy laws in the U.S. The latter include security breach notification laws, and laws establishing a general duty of security. This paper compares and contrasts the privacy and information security landscape inside and outside the U.S. and offers suggestions for corporate “best practices” in data security designed to enhance consumer trust and minimize liability.

The move toward e-health care in various countries is envisaged to reduce the cost of provision of health care, improve the quality of care and reduce medical errors. The most significant problem is the protection of patients’ data privacy. If the patients are reluctant or refuse to participate in health care system due to lack of privacy laws and regulations, the benefit of the full-fledged e-health care system cannot be materialized. The purpose of this paper is to investigate the available e-health data privacy protection laws and the perception of the people using the e-health care facilities.

The researchers used content analysis to analyze the availability and comprehensive nature of the laws and regulations. The researchers also used survey method. Participants in the study comprised of health care professionals (n=46) and health care users (n=187) who are based in the Dubai, United Arab Emirates. The researchers applied descriptive statistics mechanisms and correlational analysis to analyze the data in the survey.

The content analysis revealed that the available health data protection laws are limited in scope. The survey results, however, showed that the respondents felt that they could trust the e-health services systems offered in the UAE as the data collected is protected, the rights are not violated. The research also revealed that there was no significance difference between the nationality and the privacy data statements. All the nationality agreed that there is protection in place for the protection of e-health data. There was no significance difference between the demographic data sets and the many data protection principles.

The findings on the users’ perception could help to evaluate the success in realizing current strategies and an action plan of benchmarking could be introduced.

Broad coalitions of companies, governments, and research institutions in several countries are currently designing massive electronic infrastructures for their roadways. Known collectively as intelligent vehicle‐highway systems (IVHS), these technologies are intended to ease toll collection and commercial vehicle regulation, provide drivers with route and traffic information, improve safety and ultimately support fully automated vehicles. Although many aspects of IVHS are uncertain, some proposed designs require the system to collect vast amounts of data on individuals′ travel patterns, thus raising the potential for severe invasions of privacy. To make social choices about IVHS, it is necessary to reason about potentials for authoritarian uses of an IVHS infrastructure in the hypothetical future. Yet such reasoning is difficult, often veering towards Utopian or dystopian extremes. To help anchor the privacy debate, places IVHS privacy concerns in an institutional context, offering conceptual frameworks to discuss the potential interactions between IVHS technologies and the computer design profession, standards‐setting bodies, marketing organizations, the legal system and government administrative agencies.

There is significant documentation of fraud and abuses of consumer privacy through telemarketing activities. This led to a proliferation of legislative efforts to protect consumer privacy rights in the USA. Two such federal laws, the Health Plan Portability and Accountability Act of 1996 and the Telemarketing and Consumer Protection Act of 1994 significantly improve consumer privacy protections. However, they have a negative impact on the legitimate research and customer outreach efforts of ethical firms. It is especially challenging for health care firms as personal health information is among the most highly guarded areas of privacy concern. This article describes key provisions of these laws as they relate to health care organizations. Two program examples show how one firm successfully balances effectively administering health plan operations that support customer‐focused initiatives while complying with consumer privacy regulations.

In the online environment, consumers increasingly feel vulnerable due to firms’ expanding capabilities of collecting and using their data in an unsanctioned manner. Drawing from gossip theory, this research focuses on two key suppressors of consumer vulnerability: transparency and control. Previous studies conceptualize transparency and control from rationalistic approaches that overlook individual experiences and present a unidimensional conceptualization. This research aims to understand how individuals interpret transparency and control concerning privacy vulnerability in the online environment. Additionally, it explores strategic approaches to communicating the value of transparency and control.

An interpretivism paradigm and phenomenology were adopted in the research design. Data were collected through semi-structured interviews with 41 participants, including consumers and experts, and analyzed through thematic analysis.

The findings identify key conceptual dimensions of transparency and control by adapting justice theory. They also reveal that firms can communicate assurance, functional, technical and social values of transparency and control to address consumer vulnerability.

This research makes the following contributions to the data privacy literature. The findings exhibit multidimensional and comprehensive conceptualizations of transparency and control, including user, firm and information perspectives. Additionally, the conceptual framework combines empirical insights from both experiencers and observers to offer an understanding of how transparency and control serve as justice mechanisms to effectively tackle the issue of unsanctioned transmission of personal information and subsequently address vulnerability. Lastly, the findings provide strategic approaches to communicating the value of transparency and control.

This paper aims to extend the technology acceptance model (TAM) to explore the factors influencing a hotel customer’s intention to use a fingerprint system instead of a traditional keycard system and the moderating factors (i.e. gender and age) on the relationships between the proposed factors and the customer’s intention to use fingerprint technology. When hotels add new technologies, the potential vulnerability of their systems also increases. Underestimating such risks can possibly result in massive losses from identity theft and related fraud for hoteliers. Customers who are aware of these risks may become more open to innovative methods of identification or verification, such as biometrics.

The online survey instrument was developed based on TAMs. The authors collected complete 526 responses from hotel customers and tested the hypotheses using structural equation modeling.

This study found seven factors (i.e. perceived usefulness, perceived ease of use, subjective norm, perceived convenience, perceived data security, perceived property security and personal concerns) which significantly influence a hotel customer’s intention to use fingerprint technology. Gender and age played important moderating roles in the relationships between some of these factors and the intention to use.

Recommendations are made as to how hotels can benefit from the implementation of biometrics, particularly fingerprint systems. For example, a hotel’s marketing campaign can be more effective by emphasizing the advantages of fingerprint technology related to “data security and convenience” for younger consumers (i.e. Gen X and Gen Y).

Both educators and practitioners will benefit from the findings of this empirical study, as there are very few published studies on a customer’s fingerprint technology acceptance in the hotel context.